Merge pull request #558 from crazy-max/github-builder

crazy-max · web-flow · commit 2df35816b5e1 · 2026-03-28T18:09:03.000+01:00
ci: use docker/github-builder to build, sign and push images
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -20,58 +20,32 @@ on:
     paths-ignore:
       - '**.md'
 
-env:
-  DOCKERHUB_SLUG: librenms/librenms
-
 jobs:
   build:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v4
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
+    uses: docker/github-builder/.github/workflows/bake.yml@v1
+    permissions:
+      contents: read # same as global permissions
+      id-token: write # for signing attestation(s) with GitHub OIDC Token
+    with:
+      setup-qemu: true
+      target: image-all
+      cache: true
+      cache-scope: image
+      output: image
+      push: ${{ github.event_name != 'pull_request' }}
+      set-meta-labels: true
+      meta-images: |
+        librenms/librenms
+      meta-tags: |
+        type=match,pattern=(.*)-r,group=1
+        type=ref,event=pr
+        type=edge
+      meta-labels: |
+        org.opencontainers.image.title=LibreNMS
+        org.opencontainers.image.description=Fully featured network monitoring system
+        org.opencontainers.image.vendor=LibreNMS
+    secrets:
+      registry-auths: |
+        - registry: docker.io
+          username: ${{ vars.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v6
-        with:
-          images: |
-            ${{ env.DOCKERHUB_SLUG }}
-          tags: |
-            type=match,pattern=(.*)-r,group=1
-            type=ref,event=pr
-            type=edge
-          labels: |
-            org.opencontainers.image.title=LibreNMS
-            org.opencontainers.image.description=Fully featured network monitoring system
-            org.opencontainers.image.vendor=LibreNMS
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v4
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
-      -
-        name: Build
-        uses: docker/bake-action@v7
-        with:
-          files: |
-            ./docker-bake.hcl
-            cwd://${{ steps.meta.outputs.bake-file }}
-          targets: image-all
-          push: ${{ github.event_name != 'pull_request' }}
-      -
-        name: Check manifest
-        if: github.event_name != 'pull_request'
-        run: |
-          docker buildx imagetools inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
-      -
-        name: Inspect
-        if: github.event_name != 'pull_request'
-        run: |
-          docker pull ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
-          docker image inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
